VPN PROBLEM UNABLE TO SHARE FILES

Hi, I have a problem with a VPN set up by my ISP. My problem is this:

I have 3 remote offices connected to the main office by a VPN set up by the ISP using a fiber optic ring. I can share files without problem between the remote offices, but I can’t access the shared files or DB on the main office.
From the main office I can access any remote office without problem

Here you will find a diagram that I made with Paint: http://www.bteshvirzi.com/vpn/

Main office 192.168.9.0/24
remote office 1 = 192.168.1.0
remote office 2 = 192.168.10.0/24
remote office 3 = 192.168.12.0/24

Another router with IP 192.168.9.1 (Nortel Contivity 1010) interconnects the router from the remote offices (Contivity 221), as you can see in the diagram.

In my route list I have:

AS 192.168.1.0/24 Gateway 192.168.9.1 Ether2
AS 192.168.10.0/24 Gateway 192.168.9.1 Ether2
AS 192.168.12.0/24 Gateway 192.168.9.1 Ether2
DAC 192.168.9.0/24 Gateway 192.168.9.4 Ether2
DAC 200.../99 Gateway 200... Ether1

Mikrotik DHCP Network (main Office)
192.168.9.0/24 ether2 Gateway 192.168.9.4

What is wrong???

If I set the gateway of a computer to 192.168.9.1, all the remote offices can see the shared files on that computer…

Any help

Unless your clients have a route to the branch offices, they’ll try to use their default route (Internet) to return packets.

Simplest way to rectify this is to add a route on the Mikrotik for 192.168.0.0/16 that points to 192.168.9.1.

Regards

Andrew

Hi Andrew,

As you suggested, I added the address 192.168.0.0/16 to the route list, but the Mikrotik doesn't add the interface, it only shows "unknow". I am sure I did it the wrong way..

Could you tell me the right way to do it?

I am a newbie on Mikrotik...

This is my route list:

DST-ADDRESS PREF-SRC G GATEWAY DIS INTERFACE

0 A S ;;;Remote office 1
192.168.1.0/24 r 192.168.9.1 ether2
Main Office
1 ADC 192.168.9.0/24 192.168.9.4 ether2
2 A S ;;;Remote Office 2
192.168.10.0/24 r 192.168.9.1 ether2
3 A S ;;;remote Office 3
192.168.11.0/24 r 192.168.9.1 ether2
4 A S ;;;Remote Office 4
192.168.12.0/24 r 192.168.9.1 ether2
ISP Internet
5 ADC 200...96/29 200...99 ether1

I am sure I did it the wrong way..

No. That would work on a Cisco.

Looking at your route table I see that you have entries for each remote network already. What should happen in this case is that the router sends a client redirect to any main office PC trying to send a packet to a remote network. Try a tracert to a remote PC from an office PC, what route do the packets take?

The alternative is to put that route entry into each office PC. Depending upon the number of PCs this could be a pain. However, you could use a logon script or use the ‘persistent’ option on each PC’s route command to limit the work required.

Regards


Andrew

Andrew,

That doesn't work. It works on another computer on the same network but not on the server; maybe something is wrong on the server. I know the Windows firewall for the network card is disabled because I don't have that server connected to the Internet. I added the routes as persistent and nothing happens… I am thinking of installing the OS of the server from scratch…

Yes, you are right, I was suspicious of the server because I added the routes as persistent on a single XP computer and it works great…

Finally I looked at the routes on the server and the error was in front of my eyes all the time: the gateway for the routes that I was trying to use is the same as my DHCP server (192.168.9.4). That's wrong, it must be the gateway of the Contivity (192.168.9.1). I added them as persistent… now it is working.

This case is closed for now, everything is working great…

THANKS A LOT FOR YOUR HELP ANDREW…
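
The mistake found in the last post (persistent routes on the server pointing at 192.168.9.4 instead of the Contivity at 192.168.9.1) can be checked mechanically. The script below is an added example, not part of the original thread: it parses the Persistent Routes section of Windows "route print" output and reports, for each branch subnet from the thread, whether the route is correct, wrong or missing. The sample output is constructed, and the function names are made up for this example.

```python
import ipaddress

# Values taken from the thread: branch subnets are reached through the Contivity.
VPN_GATEWAY = ipaddress.ip_address("192.168.9.1")
BRANCH_NETS = [ipaddress.ip_network(n) for n in
               ("192.168.1.0/24", "192.168.10.0/24", "192.168.12.0/24")]

# Constructed sample of the "Persistent Routes" section of `route print`,
# reproducing the mistake from the last post (gateway .4 instead of .1).
SAMPLE = """\
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.1.0    255.255.255.0      192.168.9.4       1
     192.168.10.0    255.255.255.0      192.168.9.1       1
"""

def parse_persistent_routes(text):
    """Return [(network, gateway)] from the Persistent Routes section."""
    routes, in_section = [], False
    for line in text.splitlines():
        if line.strip().startswith("Persistent Routes"):
            in_section = True
        fields = line.split()
        if not in_section or len(fields) != 4:
            continue  # outside the section, title line or column header
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            gw = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # not a route row
        routes.append((net, gw))
    return routes

def audit(text):
    """Map each branch subnet to 'ok', 'wrong gateway <ip>' or 'missing'."""
    routes = parse_persistent_routes(text)
    result = {}
    for branch in BRANCH_NETS:
        # Longest-prefix match among routes that cover the branch subnet.
        covering = [(n, g) for n, g in routes if branch.subnet_of(n)]
        if not covering:
            result[str(branch)] = "missing"
            continue
        _, gw = max(covering, key=lambda r: r[0].prefixlen)
        result[str(branch)] = "ok" if gw == VPN_GATEWAY else f"wrong gateway {gw}"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```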